#!/bin/bash

# Set the bucket name and region variables
BUCKET_NAME="BUCKET_NAME"
REGION="us-east-1"

# 1. Create an S3 bucket
aws s3api create-bucket \
  --bucket "$BUCKET_NAME" \
  --region "$REGION" 

# 2. Add tags
aws s3api put-bucket-tagging \
  --bucket "$BUCKET_NAME" \
  --tagging 'TagSet=[{Key=Name,Value=s3}]'

# 3. Enable version control
aws s3api put-bucket-versioning \
  --bucket "$BUCKET_NAME" \
  --versioning-configuration Status=Enabled

# 4. Enable encryption
aws s3api put-bucket-encryption \
  --bucket "$BUCKET_NAME" \
  --server-side-encryption-configuration '{
    "Rules": [
      {
        "ApplyServerSideEncryptionByDefault": {
          "SSEAlgorithm": "AES256"
        }
      }
    ]
  }'

# 5. Set Bucket Policy
aws s3api put-bucket-policy \
  --bucket "$BUCKET_NAME" \
  --policy "{
    \"Version\": \"2012-10-17\",
    \"Statement\": [
      {
        \"Effect\": \"Allow\",
        \"Principal\": {
          \"AWS\": \"arn:aws:iam::127311923021:root\"
        },
        \"Action\": \"s3:PutObject\",
        \"Resource\": \"arn:aws:s3:::$BUCKET_NAME/*\"
      }
    ]
  }"
#Set the lifecycle strategy for S3:Convert all non current version objects to intelligent tiered storage class after 7 days
lifecycle_policy.json
{
  "Rules": [
    {
      "ID": "MoveNonCurrentToIntelligentTieringAfter7Days",
      "Status": "Enabled",
      "Filter": {
        "Prefix": ""
      },
      "NoncurrentVersionTransitions": [
        {
          "NoncurrentDays": 7,
          "StorageClass": "INTELLIGENT_TIERING"
        }
      ]
    }
  ]
}
aws s3api put-bucket-lifecycle-configuration \
    --bucket your-bucket-name \
    --lifecycle-configuration file://lifecycle_policy.json

#Set object labels
aws s3api put-object-tagging \
    --bucket mybucketname  \
    --key bucket_object_name \
    --tagging 'TagSet=[{Key=Name,Value=bucket_object_name}]'

#Recursively on all objects
aws s3 ls s3://testhhh --recursive
#Get S3 ARN
aws s3api list-buckets --query "Buckets[].Name" --output text | awk '{print "arn:aws:s3:::" $1}'
#Get s3 policy
aws s3api get-bucket-policy --bucket test --query Policy --output text | jq .


#Close blocking public access
aws s3api put-public-access-block \
    --bucket my-bucket \
    --public-access-block-configuration "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false"
#Open S3 ACl
aws s3api put-bucket-ownership-controls \
    --bucket my-bucket \
    --ownership-controls 'Rules=[{ObjectOwnership="BucketOwnerPreferred"}]'
#Set S3 object to public
aws s3api put-object-acl \
    --bucket mybucketname  \
    --key "bucket_object_name" \
    --acl public-read
#Open Amazon EventBridge event notifications for S3
aws s3api put-bucket-notification-configuration \
    --bucket YOUR_BUCKET_NAME \
    --notification-configuration '{"EventBridgeConfiguration": {}}'